I need to give a TFS Project Group contributor privileges to a Source Control subdirectory in a TFS project. I can connect successfully as someone from this group but can't browse Source Control, presumably because the user doesn't have access to the top level of the project. Is there any way to configure access in a manner that doesn't require giving read access to the whole project or maintaining privileges for every folder that shares a directory with folders in the path to the target subdirectory?
Clarification:
Project / Folder1 / Folder2 / TargetFolder
I have set this up by giving them permissions, but to restrict permissions to only TargetFolder and its contents, I need to give the group read access to Folder1 and Folder2. But because the permissions are inherited, I need to deny this group on every other folder under Project, Folder1, and Folder2. This is a maintenance headache and if new directories are added in the future, they will need to have their permissions changed as well.
Answer
There is no way to do this out of the box. If you're only going to be doing it rarely, the manual process of denying on the parent folders is going to be most efficient.
If, however, this is a task you think you'll find yourself repeating fairly often, you can create a utility using the TFS API to do it for you.
(Something along these lines. Warning, this is not tested)
vcs = //...VersionControlServer reference...
string checkinPath = @"$/MyProject/Sources/Whatever";
string identityName = @"[MyProject]\Contributors";
string[] removesNone = new string[]{ };
string[] allowsNone = new string[]{ };
string[] deniesNone = new string[]{ };
string[] allowsCheckin = new string[]{ PermissionChange.ItemCheckin };
string[] deniesCheckin = new string[]{ PermissionChange.ItemCheckin };
PermissionChange pc = new PermissionChange(
checkinPath, identityName, allowsCheckin, deniesNone, removesNone);
vcs.SetPermissions(new SecurityChange[]{ pc } );
// walk up the path denying on parent folders
checkinPath = checkinPath.Substring(0, checkinPath.LastIndexOf('/'));
while (checkinPath.Length > 2)
{
PermissionChange pc = new PermissionChange(
checkinPath, identityName, allowsNone, deniesCheckin, removesNone);
vcs.SetPermissions(new SecurityChange[]{ pc } );
checkinPath = checkinPath.Substring(0, checkinPath.LastIndexOf('/'));
}
No comments:
Post a Comment